Paper 2025/506

On the Estonian Internet Voting System, IVXV, SoK and Suggestions

Shymaa M. Arafat
Abstract

The Estonian i-voting experience, since 2005, is probably the richest to analyze; yet it still holds a collection of noteworthy threats as stated in the 2025 Estonian Academy of Science (Cyber Security Committee) report. This paper first gathers vulnerabilities discovered and improvements/fixes introduced to the Estonian i-voting system, IVXV, in the years 2023-2025; then presents a thorough analysis of its status, as of October 2025 version, with exploits pointed out and solutions suggested. In our review, we shade some light on automated formal verification research attempts that went unnoticed by the Estonian research community; we also notice that, since 2024, forcing a time gap between multiple votes could prevent Perreira revoting attack for verifying voters. Although the problem of not authenticating the Voting Application (VA) is not new and was discussed in the Estonian report, we warn of possible threats that have been missed. We show how new technologies like anonymous online auctions between candidates and hardware execution attests for conditional payment can be used to orchestrate an automated large-scale attack where an encrypted vote is generated online without the vote sellers even knowing who they’re voting for; adding fresh randomness to each ballot enables the attack to pass duplicate ballots anomaly check if existed. We agree that compromised voters’ credentials is a known threat to all i-voting systems; however, it only gets severe in the Estonian case where any application can cast a vote. Finally, we discuss the approaching quantum threat and recommend protecting election data from the possible HNDL (Harvest Now Decrypt Later) privacy threat by encrypting ballots, while residing on the system servers, using a quantum secure symmetric key algorithm (AES). The appendices contain also two suggested solutions for insiders' threat.

Note: On 29/6/2026: ---------------- 1-The web extension for digital ID transaction signing (entering PIN2) is secured by the government; hence until further investigations, voting trojan horses seems infeasible. 2- A note: the AES key needn't to be exchanged with voters, it is used only internally by the system to protect from HNDL threat. On 14/6/2026: ---------------- A fast solution to the HNDL problem was added, + some edits to the introduction and the Contributions list to match the compressed version and the current state. ----------------------------------------------------------------------------------------------------------- This is the final complete extended version containing all details of the earlier versions with the newest details/updates up to 1st June 2026: 1) more details on discovered attacks (especially automated ballot stuffing); 2) a reminder of ghost click attacks,2014, as they fall in malware attacks like trojan horses (also what O. Pereira said about them); 3) a new paper "Beyond the Happy path" was discussed ( fault scenarios share the idea of what the paper advised as "checking for anomalies")..........4) the introduction is edited to contain a paragraph about "Contributions of this paper"; also started with the meaning of "computationally secure" as a reason to justify the geo-political brief. Events on Nov 2025 elections and the Trojan horse threat still exists with more details The compact version (in IEEE format ) is on Researchgate https://www.researchgate.net/publication/383220628_On_the_Estonian_Internet_Voting_System_IVXV_SoK_and_Suggestions Most significant updates: the threat of adversary votes through TROJAN HORSEs embedded in non-voting applications, IVXV updates published on 30/9/2025, Estonian Cyber Security Committee report of noteworthy threats (30/9/2025), and covering Oct 2025 local elections. It will take time to merge the 2 versions into a single version based on the place of acceptance and removal of the posters details by citing them. On 20/9/2025: ----------------- An added row in Table1 since IVXV did add a finger print to the Voting application on June 2024 but in kind of technical steps to the average users and attacks are still possible (https://github.com/DrShymaa2022/E_Vote_ID_2025_posters/blob/main/EncryptedcopyattackPoster_13_9_25.pdf) On 21/8/2025: ----------------- Ukraine is NOT Estonia's closest neighbor, but still the war has put some pressure according to prime minister and a cyber security chairman statements in [7] + other writing edits in red. -------------------------------------------- On 20/7/2025: ----------------- Adding Appendix C about absent voting and possible online credential theft, with an accompanying row in Table 2, + some bench mark figures (taken from [91]) in Appendix A.5 about Verkle Tree proof generation time . On 13/7/2025: ----------------- Adding 2 summary tables of sec.s 5,6 respectively + adding AI-generated Verkle Tree proofs simulation + some changes in the final conclusion

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
IVXVEl-Gamal Encryptionrange proofsVerkle Treesuniversal verifiabilityEEVonline auctionHNDL
Contact author(s)
shar academic @ gmail com
History
2026-06-29: last of 21 revisions
2025-03-17: received
See all versions
Short URL
https://ia.cr/2025/506
License
Creative Commons Attribution-NonCommercial
CC BY-NC

BibTeX

@misc{cryptoeprint:2025/506,
      author = {Shymaa M. Arafat},
      title = {On the Estonian Internet Voting System, {IVXV}, {SoK}  and Suggestions},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/506},
      year = {2025},
      url = {https://eprint.iacr.org/2025/506}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.